Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Rip&Tear
2026-06-19 13:20:56 +08:00
committed by GitHub
parent 099201cc92
commit 72db78a14e


@@ -393,6 +393,8 @@ def _safe_extractall(tf: tarfile.TarFile, dest: Path) -> None:
member_path = (dest / member.name).resolve()
if not member_path.is_relative_to(dest_resolved):
raise ValueError(f"Blocked path traversal attempt: {member.name!r}")
if member.ischr() or member.isblk() or member.isfifo():
raise ValueError(f"Blocked special file type in archive: {member.name!r}")
if member.issym() or member.islnk():
link_target = member.linkname
# Absolute link targets always escape the destination.
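Review bot: The `member.ischr() or member.isblk() or member.isfifo()` check (apparently the two added lines; the +/- column is lost on this page) enumerates what to reject, which leaves the set of accepted member types implicit. `tarfile.TarInfo.isdev()` already covers exactly these three types, and an allowlist states the intent more directly: `if not (member.isreg() or member.isdir() or member.issym() or member.islnk()): raise ValueError(f"Blocked special file type in archive: {member.name!r}")`. A short comment such as `# Device nodes and FIFOs have no place in an extracted archive; refuse them outright.` would also match the commented style of the link branch below. The body of `_safe_extractall` starts and ends outside this hunk, so whether the later extraction call also passes `filter="data"` (Python 3.12+) as a second layer cannot be confirmed from here.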